Determine Your Need for Server Core
Scenario/Problem: During the process of installing Windows Server 2008, perhaps you noticed the Server Core option. What exactly is Server Core, and does your particular company have a need to implement it?
Solution: Server Core is a new feature in the Windows Server world. It installs a command-line administration-only version of Windows Server 2008 that helps reduce the attack surface of the server. Traditionally, there are many attack options on a Microsoft server, and you, the administrator, need to be aware of that and take action to ensure security. However, with Server Core, less code is installed (that is, there is a smaller footprint), and with that reduction in code comes a reduction in the number of places an attacker can hit. Fewer moving parts equals fewer vulnerabilities.
Note: What is the attack surface area of an operating system? Keep in mind that each application added to a system provides a corresponding opportunity for attack and so poses a risk. In addition, certain services may leave your system open to infiltration. This is all considered the attack surface, and the goal in securing a system is to reduce that surface, typically by turning off or removing features that are unnecessary.
Until you see a Server Core system for yourself, you may not believe that you are really going to be working from a command prompt again. But that is truly what you have at your disposal. In fact, the Explorer shell is not even installed. You may be surprised to learn that you aren't working with the new PowerShell command prompt.
Note: At the time of this writing, PowerShell was not functional in Server Core because it requires the .NET Framework, which cannot be installed on a Server Core system at this time. The .NET team has worked on providing a modularized version for Server Core admins to be able to work with PowerShell, and this will be available in R2. See the section "Incorporate Server Core Changes in Server 2008 R2," later in this chapter.
Now, keep in mind that Server Core isn't able to provide all the server roles that a typical server would have. The supported roles in Server Core include the following:
- Active Directory Domain Services (ADDS)
- Active Directory Lightweight Directory Services (AD LDS)
- DHCP Server
- DNS Server
- File Services
- Internet Information Services (IIS)
- Print Services
- Streaming Media Services
- Windows Virtualization (Hyper-V)
And, as you will soon see, you cannot use the Server Manager tool to install these roles. Instead, you need to install them through the command line, using a tool called ocsetup.exe.
Keep in mind that third-party application software cannot typically be installed and managed on a Server Core server, so this server isn't going to be used for things like your antivirus management or even some of the management solutions that Microsoft provides that must be installed on top of the server and require certain underlying services to be running. What this is a good fit for in an environment, however, is in areas like DNS or DHCP services or even file services.
Note: Although IIS is installable on Server Core, Server Core doesn't currently support ASP.NET. Due to the lack of support for managed code, there are many reasons you might not be able to use Server Core for your particular web server (for example, no IIS-ASPNET, IIS-NetFxExtensibility, IIS-ManagementConsole, IIS-ManagementService, IIS-LegacySnapIn, IIS-FTPManagement, WASNetFxEnvironment, and WAS-ConfigurationAPI).
Install Server Core
Scenario/Problem: You have decided that Server Core is exactly what you need in your environment. What is involved in installing Server Core?
Solution: Installing Server Core is simple. The real work is what comes after you perform the installation and have to configure the server to function through the command-prompt interfaces rather than the typical GUI interfaces that you have become so used to. Before we address those concerns, let's get Server Core up and running.
The minimum requirements are your initial concern. You want to ensure that you hardware meets the following requirements:
- RAM: 512MB RAM (which is the same minimum for the full installation of Windows Server 2008), although 1GB or more is always appreciated, especially if Hyper-V will be utilized.
- Processor: 1GHz for an x86 processor or 1.4GHz for an x64 processor
- Disk space: 10GB
You certainly want to be prepared with your Windows Server 2008 installation media and with a valid product key, although you can evaluate a server for quite some time by extending the grace period (see the section "Extend the Evaluation," later in this chapter).
Note: You may be wondering whether your existing servers can run Windows Server 2008 or whether you need to purchase new systems. Each server in your environment may be a little different, depending on when you purchased those servers and what they are. There is a tool called the Microsoft Assessment and Planning Toolkit (MAP) that you can use to inventory your servers and generate a report to help determine which servers will work for your Windows Server 2008 installations. At the time of this writing, the tool is located at https://technet.microsoft.com/en-us/library/ bb977556.aspx.
Server Core Installation Options
When you are confident that you have a system capable of running Windows Server 2008 Server Core, perform the following steps:
- Insert the disc, and when the auto-run Install Windows dialog appears, confirm the language, time and currency format, and keyboard or input method. Then click Next.
- When you see the Install Now screen, click the blue and white arrow button.
- In the Select the Operating System You Want to Install screen (shown in Figure 2.1), note that there are three Full Installation choices and three Server Core Installation choices. Select one of the Server Core options and click Next.
Note: Server Core comes in Standard, Enterprise, and Datacenter editions for i386 and x64 platforms. You will probably opt for the Standard edition because most of the differences found in the Enterprise and Datacenter editions are not especially relevant in Server Core. The Enterprise Server Core does, however, get you more processor and memory support, as well as clustering. Datacenter provides the hardware program and 99.999% reliability, but you may not require these guarantees.
- When you see the license terms, read or scan the terms and then select the I Accept the License Terms checkbox and then press Next.
- When asked Which Type of Installation Do You Want? select Custom (Advanced).
Choosing the flavor of Server Core that you require.
Note: Server Core requires a clean installation. You cannot upgrade from an earlier version or convert from a full installation to a Server Core installation. There is no upgrade to or from Server Core. So, if you install an incomplete version of Server Core, you cannot later upgrade to the full version. You have to start with a clean installation of the full version of Windows Server 2008.
- On the next screen, which asks, Where Do You Want to Install Windows? Either choose some advanced options such as Load Driver or Drive Options (Advanced) or select the disk you want to use for the installation files. Click Next. The Installing Windows screen will appear, indicating that the system is copying files, expanding files, installing features, installing updates, and, finally, completing installation. Your system may reboot several times.
- When you see the login screen, type Administrator for the username and leave the password blank. Click OK.
- Provide and confirm a new password and then click OK. The system says Preparing Your Desktop, and you eventually see a simple command prompt, as shown in Figure 2.2.
Server Core is not much to look at to begin with. At this point, you have installed a server with very little happening on the desktop.
The Server Core cmd.exe desktop.
Extend the Evaluation
Evaluating Windows Server 2008 software does not require product activation or entry of a product key. Any edition of Windows Server 2008 can be installed without activation and evaluated for an initial 60 days. If you need more time to evaluate Windows Server 2008, you can reset (or re-arm) the 60-day evaluation period three times, extending the original 60-day evaluation period by up to 180 days, for a total possible evaluation time of 240 days. After this time, you need to uninstall the software or upgrade to a fully licensed version of Windows Server 2008.
There is a support article from Microsoft, located at the time of this writing at http://support.microsoft.com/kb/948472, that should put your mind at ease that this isn't a trick that will get you in any kind of trouble with the Microsoft policy. Microsoft gives you a tool, called slmgr.vbs, to extend the evaluation.
To start with, as your initial 60-day evaluation period comes to an end, you are going to want to check the number of days you have left. From the command prompt, type slmgr.vbs -dli to see the current status of the evaluation period. To reset, or re-arm, the period for another 60 days, you type slmgr.vbs -rearm. Remember that you can do this three times.
Configure and Manage Server Core
Windows Server 2008 Server Core installation
Configuring Windows Server 2008 Server Core
Windows Server 2008 Server Core management options
Windows Server 2008 R2 Server Core changes and administration
Printed with permission from Sams Publishing. Copyright 2009. Windows Server 2008 How-To by J. Peter Bruzzese, Ronald Barrett and Wayne Dipchan. For more information about this title and other similar books, please visit Sams Publishing.